
Feminism: Sex and gender discussions


The MNHQ Moderation Team: Thread 2

997 replies

BarrackerBarmer · 19/04/2018 00:26

Follow on thread regarding the data breach situation:
___

Dear MNHQ

I'm very grateful for the commitment to free speech you've publicly taken, and for Justine's courage this week.

A former disgruntled employee of MN is writing on Twitter about the 'transphobia' of MN staff, and calling you TERFs. She is showing a great deal of bias and intolerance towards women with feminist views. This may well be her honest opinion, which is no big deal I suppose, since she is no longer an employee.

At least, it isn't an issue until she calls a shout out to her 'friends who still work at MN' to report and take down posts by 'transphobic scum', by which she appears to be referring to any poster objecting to being called TERF by her friend.

Regardless of the personal views of the MNHQ staff, who should be as free to hold their own views as I am mine, I am disturbed that there may be a small contingent of employees who are invested in unfair moderation and will not be applying fair-handed principles, at least if the claims of this ex-employee are credible.

Can you please give posters some reassurance that the difficult job of fair-handed moderation isn't being abused by the 'friends' of ex-employees who are 'reporting it all' and taking down posts because any gender criticism means the poster is 'transphobic scum'?

Thank you.

Ihavenofuckstogive · 19/04/2018 21:03

I doubt she'll be prosecuted. If she is, I wouldn't anticipate any consequence that some MNetters would like.

The young SEN man who designed the phishing programme of Jeffrygate got a community order and a £300 fine. And that led to the registration details of 2100 MNetters emails and NN being published online.

This woman Tweeted public MN posts attached to the IP addresses of (I thought 4 but MN said 3) posters which MNHQ say are dynamic IP addresses and could only be tracked to within a few miles of the posters and even if closer, unlikely to identify someone? Different for her compared to Jeffery as she was an employee but I don't anticipate much legal action or consequence. She's likely fucked her career for a while at least and having a horrendous time personally at the moment though. She's fucked up and has to take responsibility and the consequences.

And with Jeffery, Justine was swatted (awful and not excusable) but she is the head of MN. And one non-famous MNetter swatted? Again, awful.

But at the time there was such fear of doxxing and vulnerable women being outed. We were all 'under attack' by MRAs and so many awful consequences were possible. Fathers for justice and abusive partners accessing their victims via MN. Lives at risk. Finances and other accounts being accessed (lots of people use same emails and passwords for everything).

None of it happened. And that was 2100 actual emails and passwords connected to usernames published on the internet.

This is a Tweeter tweeting publicly available posts that had the IP addresses of 3/4 people attached.

Nothing awful has happened as a consequence (apart from MNetters lacking confidence in policies and processes). Nothing awful is likely to happen to actual MNetters.

Some people will leave for good. Some people will change names or details. It's happened before but with more actual data released.

People will want certain things and responses from MNHQ. They'll get some. They won't get all. People will proclaim their knowledge and expertise and be ignored. People will demand things and report or threaten to report MN for a variety of things.

And then it'll die down. Not much will happen to the Tweeter. Not much will happen as a 'consequence' for MNHQ.

Everyone will move on.

LouMumsnet · 19/04/2018 21:13

Evening everyone. Just a heads up that Justine has started a Site Stuff thread here - please do have a read.

ChardonnaysPrettySister · 19/04/2018 22:29

So even if you change to a neutral email your old one is still kept and visible.

That’s not good.

AskBasil · 19/04/2018 22:41

What?

Why are old e-mails kept?

There is absolutely no reason MN need to keep old e-mails in order to run the site and therefore they are breaking the current data protection act if they do so, let alone the GDPR.

The more I find out about this, the more bemused I am by how lax the data protection measures appear to be.

I really hope MN are going to do a big overhaul of all their data procedures, I'm very surprised that with the GDPR looming, they haven't already done so.

MipMipMip · 19/04/2018 23:06

It's funny, I've just seen someone praise MNHQ for how seriously they're responding. I think the response has been pretty terrible. And I've been told off for scaremongering because I feel it should be treated as a major breach as we don't know the size - too much being better than too little. So many different responses to this.

LaSqrrl · 20/04/2018 05:52

"I could see user's sign up details (so whatever you'd entered when you signed up - email, first name, surname, postcode, any additional info) all name change history, deleted posts, private messages."

Clearly MN have not made a proper hierarchy of information at the back end. Only someone with 'super powers' should be permitted to view PMs, and the remainder on that list only moderators (perhaps senior mods). General website updater persons should not be privy to any of that information really. So there is a huge flaw in security protocols right there, and that needs to be addressed immediately.

Apart from the obvious email addy, names and postcode(!!) info, the PM access is possibly just as much if not more worry - and that is the potential breach that should be of concern, particularly if circulated among EH's TRA buddies.

For the record, I don't think it accidental that EH included the IP addresses, all part of the "look what I had access to... and more" brag. One would question what she was doing taking screenshots instead of actually working - so apart from being a 'miscalculating idiot', a security risk, she is a work shirker. She has proven by her actions that she is untrustworthy, so her assurances that "that is all she had" cannot be taken at her word.

FredNerk · 20/04/2018 06:34

@AngryAttackKittens

Just joined to say “hear hear” to this. Whether EH was a moderator or not, there is a hellish strong flavour of “don’t upset men’s feelings” in the moderation on MN. Tell the truth about AGP or the behaviour of TiMs, much less express anger, and you’re told you’re transphobic, and your comment will be deleted.

It’s far too late to hope that being “nice” or “civil” will work (not that it ever has in the history of women’s struggles for liberation). All that amounts to is playing their game, and helping to silence women. How is that helping the women who make this site? It’s the give an inch and they’ll take a mile, and the TRAs in the UK are turning it into an utter hell for women.

MN moderators, you need to stop demanding women be so mealy-mouthed, stop punishing them for telling the truth. You have a reputation made by the women here for standing up to the trans lobby. How about doing that on the site, supporting your millions of users, instead of kowtowing to misogynists?

Ihavenofuckstogive · 20/04/2018 06:50

I don't think they are. I am GC and still see loads of posts I think are offensive or transphobic and if I think that, there are many more who are in favour/not bothered about self ID who do.

MN has millions of users, moderation shouldn't be designed to favour the views of a small (but vocal) number.

FredNerk · 20/04/2018 06:52

*I genuinely think it's possible that a non-compliant woman will be seriously hurt by a member of the extreme TRA fringe at some point. And who knows what will precipitate it? Emma's data breach could easily be the trigger.

This is just awful.*

Lang, probably last of many to say this, but it is happening everywhere that trans activism exists. Maria MacLachlan is one obvious UK example. The murders of Patricia Wright and Charlotte Reed and their son Toto are three obvious US examples. Even questioning a man’s presence in what should be a women’s private place will get you beaten to within an inch of your life, and as everyone here knows, now he has only to declare himself a woman to get away with it, and have even more backing from the male-run judiciary.

FredNerk · 20/04/2018 06:54

Eh, I disagree that women who know men are not and cannot be women, and vice versa, are a minority. Nor do I think telling the truth about a deeply misogynistic movement is “transphobic”.

merrymouse · 20/04/2018 07:09

MN has millions of users, moderation shouldn't be designed to favour the views of a small (but vocal) number.

Of course moderation should be objective.

However, of the screenshots shared by EH, one was sarcastic and meant the opposite of what it was implied to say by EH, another was a quickly deleted thread, and another was asking a potentially offensive but fair question.

I don’t think moderating is easy and perhaps MN sometimes get it wrong, but as somebody trying to expose transphobia at MN, EH used some pretty flawed evidence.

Ihavenofuckstogive · 20/04/2018 07:15

Oh she did. Which is odd as there are plenty of better examples she could have used. I was responding to the previous poster in my post.

Mogleflop · 20/04/2018 07:15

It also depends what you think moderators should do too. Should mean comments be removed for example?

In some ways, Reddit is really great (and scary) in this respect because there are no teachers to report to - the communities are self-moderating with responses and downvotes and being able to hide people with low levels of "karma". Here you can't do that, trolls can derail conversations and namechanges don't help you build up a personal level of reliability etc.

It sounds a bit weird I'm sure but we often complain about echo chambers and then Mumsnet sort of is one (not on this topic exactly, more an overall tone).

So sometimes I feel that Mumsnet's own old-style technology means that they HAVE to monitor everything and therefore have access to absurd amounts of personal data, where maybe they shouldn't or wouldn't have to with another setup?

KeneftYakimoski · 20/04/2018 07:19

Of course moderation should be objective.

It can't possibly be. The best it can hope for is to operate within a transparent set of guidelines in a way which the lawyers' proverbial "reasonable person" would regard as consistent with those guidelines.

Moderating forums which discuss charged or sensitive issues has to avoid falling into the "I don't know what offensive is, but I know it when I see it", beloved of pearl-clutchers everywhere. Otherwise, you're just left with hunning and recipes.

merrymouse · 20/04/2018 07:27

The best it can hope for is to operate within a transparent set of guidelines in a way which the lawyers' proverbial "reasonable person" would regard as consistent with those guidelines.

Fair enough, but the aim should be to objectively follow the guidelines.

KeneftYakimoski · 20/04/2018 07:28

Mumsnet's own old-style technology means that they HAVE to monitor everything and therefore have access to absurd amounts of personal data, where maybe they shouldn't or wouldn't have to with another setup?

I suspect that's very likely.

It's regarded as pretty much unchallengeable that, in broad terms, it's not possible to retrofit security. You can fix bugs which mean the existing security doesn't work, and you can mitigate (sometimes) new threats you didn't originally consider to your existing security goals. But if someone comes along and says "could you modify that bulletin board to handle multi-level labelled security so that everyone can see the unclassified stuff but different levels of users can only see particular postings?" or "could you modify that accounting package to deal with the threat of hostile, motivated, capable system administrators?" then the answer is, in general, "No".

It's just not possible to fit a new security model onto old architectures that were never designed to cope with them. Essentially, the worldview and the security objectives you settled on - or allowed to settle on you - at the outset are what you're stuck with, absent effectively building a new system.

That's why it's taken 25 years for Windows' security to be not completely shit, and it's still pretty shit: the basic architectural assumptions just don't support the requirements people are now imposing on it, and even with the massive resources Microsoft have - and some incredibly smart people - they can't make it simultaneously be 2018-secure and 1998-compatible. Similarly, the security properties offered by your Mac are basically the same as those offered by the computer science department's pdp11 in 1982, because the basic architecture of Unix hasn't changed in the last forty years. There are things you'd like to have on your Mac which you can't, because two blokes born during the early years of the second world war didn't think about them when they were building an operating system in 1972.

merrymouse · 20/04/2018 07:34

Should mean comments be removed for example?

Yes, because apart from anything else they derail conversation and overheat the discussion.

The problem is my definition of ‘mean’ may not be yours.

TERFousBreakdown · 20/04/2018 07:54

It's just not possible to fit a new security model onto old architectures that were never designed to cope with them.

That's not strictly speaking accurate; I've worked on projects that did precisely this. It just tends to be complex, tedious and correspondingly expensive.

The issue with IT security, very often, is not that it's not technically feasible but that it prevents people from working efficiently.

Point in case: I've had to loosen up restrictions on a system we designed with stringent security controls in mind. And it worked like a charm - on the technical side of things. There was just one minor problem: when people were absent, no-one could access their case load. Unless an authorised approver explicitly enabled one particular user to. And they would take a week to carefully consider each request. So basically, if you didn't make sure you had a delegate in place before you went on holiday, none of your colleagues could help your cases out. Nothing got done.

I couldn't possibly speak to what the insides of the MN tech underbelly look like, but from what I've read on here and based on my experience, the whole system might benefit from the inclusion of a bit of encapsulation:

Say you want to know if two accounts are posting from the same IP, i.e. might be socks. You can manually check this by looking at the IPs. You could also, though, hide the actual IP and instead expose a function that gives you a yes/no answer to your actual question. You could even check if they're maybe not exactly identical but likely to come from the same network, which you can't do by eye unless you happen to really be into networking (I have two relevant degrees and couldn't guarantee that I'd get it right on sight at all).

As stated previously, though, it's a trade off. I'm never a friend of no mobile no internet access policies unless it's absolutely unavoidable. We're talking programmers working on flight control software levels of catastrophic if exposed here. I've worked on projects where this was the rule and people hated the restrictions it put on them as well as the attitude of suspicion by default they felt it reflected. Unhappy employees, in my experience, don't work as hard and aren't as security conscious as they could be.

Tricky, but long story short: it might be a good idea to improve some IT related aspects to better secure sensitive information from what I read. But in a case such as this, GCHQ levels of IT security are neither necessary nor necessarily helpful.
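The encapsulation idea in the post above, sketched as an added example that is not part of the original post or of Mumsnet's systems: moderators get a verdict on whether two accounts share an address or network, never the addresses themselves, and every query is logged. The class name, prefix lengths (/24 and /48) and sample accounts are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: last login address per account (documentation ranges).
SAMPLE_LOGINS = {
    "user_a": "203.0.113.17",
    "user_b": "203.0.113.17",
    "user_c": "203.0.113.200",
    "user_d": "198.51.100.9",
    "user_e": "::ffff:203.0.113.17",  # IPv4-mapped IPv6 form of user_a's address
    "user_f": "2001:db8:12:1::5",
    "user_g": "2001:db8:12:ff::9",
}


def _normalise(text):
    """Parse an address and unwrap IPv4-mapped IPv6 so both forms compare equal."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


class SockCheck:
    """Answers 'same address / same network / different' without exposing IPs.

    In a real deployment this boundary has to be enforced by a separate service
    or by database permissions; a Python class only illustrates the interface.
    """

    def __init__(self, logins, v4_prefix=24, v6_prefix=48):
        self._addrs = {user: _normalise(ip) for user, ip in logins.items()}
        self._prefix = {4: v4_prefix, 6: v6_prefix}
        self.audit = []  # (moderator, account1, account2, verdict) per query

    def _net(self, addr):
        # strict=False masks off the host bits instead of raising an error.
        return ipaddress.ip_network(f"{addr}/{self._prefix[addr.version]}", strict=False)

    def compare(self, moderator, user1, user2):
        a, b = self._addrs[user1], self._addrs[user2]  # KeyError if unknown
        if a == b:
            verdict = "same_address"
        elif a.version == b.version and self._net(a) == self._net(b):
            verdict = "same_network"
        else:
            verdict = "different"
        # Log who asked about whom, so unusual lookup patterns can be reviewed.
        self.audit.append((moderator, user1, user2, verdict))
        return verdict


if __name__ == "__main__":
    check = SockCheck(SAMPLE_LOGINS)
    for pair in [("user_a", "user_b"), ("user_a", "user_c"), ("user_a", "user_d"),
                 ("user_a", "user_e"), ("user_f", "user_g")]:
        print(pair, check.compare("mod_1", *pair))
```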

MrsHathaway · 20/04/2018 08:00

Yes, a one-way hash on most information (esp IP addresses and old email addresses) would address most concerns!

KeneftYakimoski · 20/04/2018 08:00

I agree with all of that: the example of "what happens when people go on leave" is my usual lead in to "back in the real world, users start to share login credentials behind your back, and you shouldn't do things which tacitly encourage that".

YY to encapsulation. But that requires that users are only able to access the API, and can't access the underlying data which that function uses to make the judgement. That's hard.

I somewhat disagree on the magnitude of "complex, tedious and correspondingly expensive.": I think you can only do that within a band of properties. No-one has satisfactorily added multi-level security to Unix, for example, because in order to do it, you break so much that what you're left with isn't Unix anymore: a lot of existing software stops working. I don't believe that you can take a general purpose computer and make it into, say, a secure communications processor and still have it function as a general purpose computer.

KeneftYakimoski · 20/04/2018 08:05

Yes, a one-way hash on most information (esp IP addresses and old email addresses) would address most concerns!

Hashing IPv4 numbers is a waste of time: there are only 2^32 of them, so you can trivially recover the original from the hash. Another reason to do IPv6 :-)

If you just want to link accounts together, hashing email addresses and IP numbers is a waste of time for a reason independent of their size. It doesn't matter if I pull out all the usernames for which the email address is the same as the one I am looking at, or all the usernames for which the email address has the same hash as the one I am looking at.

DisturblinglyOrangeScrambleEgg · 20/04/2018 08:17

It's just not possible to fit a new security model onto old architectures that were never designed to cope with them. Essentially, the worldview and the security objectives you settled on - or allowed to settle on you - at the outset are what you're stuck with, absent effectively building a new system.

You what? I've been writing and maintaining software for the last 20 years, of course you could retrofit permissions or encryption into an existing system! Hell, I've done it more than once!

Yes, it's a pain in the bum, and it takes a while to find all the places it affects, but if a programmer can't be methodical and thorough then they're a shit programmer!

DisturblinglyOrangeScrambleEgg · 20/04/2018 08:19

No-one has satisfactorily added multi-level security to Unix, for example, because in order to do it, you break so much that what you're left with isn't Unix anymore:

But we're not talking about an operating system - we're talking about a bulletin board system, a CMS, a CRM system - all of these are decidedly less complicated, and can be secured (from most people - DBAs, live support IT bods - it's pretty hard to write a system that's completely impregnable, even by the people that wrote it, and is still useable)

DisturblinglyOrangeScrambleEgg · 20/04/2018 08:26

Hashing IPv4 numbers is a waste of time: there are only 2^32 of them, so you can trivially recover the original from the hash

Who would do it that way? You'd salt it, so it's no longer trivial to reverse them.
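The hashing points raised in the posts above (the small IPv4 space, linking accounts by equal hashes, and salting), worked through as an added example that is not part of any poster's message. The address, the /16 candidate range and all function names are constructed for illustration, and the example goes one step beyond the thread by comparing a salt stored with the record against a secret key held outside the data store (HMAC).

```python
import hashlib
import hmac
import ipaddress
import secrets


def plain_hash(ip):
    return hashlib.sha256(ip.encode()).hexdigest()


def salted_hash(ip, salt):
    # Salt is random but stored next to the digest, as with password hashes.
    return hashlib.sha256(salt + ip.encode()).hexdigest()


def keyed_hash(ip, key):
    # HMAC with a secret key that lives only in the hashing service.
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def enumerate_preimage(stored, digest_fn, candidates):
    """Hash every address in `candidates` and return the one matching `stored`."""
    for addr in ipaddress.ip_network(candidates):
        if digest_fn(str(addr)) == stored:
            return str(addr)
    return None


def evaluate(ip="10.20.137.42", candidates="10.20.0.0/16"):
    """Compare what someone with read access to the stored records can recover.

    A /16 (65,536 addresses) keeps the run short; the full IPv4 space is the
    same loop over 2^32 values.
    """
    salt = secrets.token_bytes(16)          # visible to anyone who reads the row
    key = secrets.token_bytes(32)           # not visible to a database reader
    reader_guess = secrets.token_bytes(32)  # a reader without the key can only guess
    return {
        # Unsalted: the digest function is public, so enumeration finds the IP.
        "plain": enumerate_preimage(plain_hash(ip), plain_hash, candidates),
        # Stored salt: blocks precomputed tables, but the reader has the salt too.
        "salted": enumerate_preimage(
            salted_hash(ip, salt), lambda c: salted_hash(c, salt), candidates),
        # Keyed: without the key, enumeration produces no match.
        "keyed": enumerate_preimage(
            keyed_hash(ip, key), lambda c: keyed_hash(c, reader_guess), candidates),
        # Equal inputs still give equal digests, so accounts remain linkable.
        "still_linkable": keyed_hash(ip, key) == keyed_hash(ip, key)
        and keyed_hash(ip, key) != keyed_hash("10.20.137.43", key),
    }


if __name__ == "__main__":
    print(evaluate())
```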

TERFousBreakdown · 20/04/2018 08:27

I'm not even sure you need to go this far. If I were to plan something like this, I'd probably classify it as 'sensitive but not safety critical on a larger scale' and would simply go for a 2-tier permissions structure, in which people like moderators and content managers don't really get full admin access but simply enhanced functionality with data processing managed and encapsulated via API and full admin access being tightly restricted and tied to strict process controls.

Humans are one of the most frequent and serious causes of security issues, really. I've honestly never worried as much about imperfect encryption on my systems as I have about the fact that my staff go for drinks with former colleagues who now work for the competition and that drunk people tend to be both talkative and lacking in judgment. And that's assuming that they're not intending to cause issues (clearly not the case here).

Hence implementing a need to know based access control system would arguably lead to significant improvements without even thinking of the possibility of highly trained Russian hackers and the likes. Pragmatic solution.
